<?php
# 文件名称:request.php
defined( '_SYS' ) or die( 'No direct script access allowed' );
$GLOBALS['__REQUEST'] = array();
/**
 * 变量过滤的等级
 */
define( 'C_REQUEST_NOTRIM'   , 1 );
define( 'C_REQUEST_ALLOWRAW' , 2 );
define( 'C_REQUEST_ALLOWHTML', 4 );
class C_request
{
	/**
	 * 访问页面时的请求方法 例如：“GET”、“HEAD”，“POST”，“PUT”
	 *
	 * @return string
	 */
	function getMethod()
	{
		$method = strtoupper( $_SERVER['REQUEST_METHOD'] );
		return $method;
	}
	/**
	 * 解析并获取给定的变量的值
	 *
	 * 默认是页面的请求方法的变量
	 *
	 * 通过hash强制改变
	 *
	 *   post		$_POST
	 *   get		$_GET
	 *   files		$_FILES
	 *   cookie		$_COOKIE
	 *   env		$_ENV
	 *   server		$_SERVER
	 *   method		via current $_SERVER['REQUEST_METHOD']
	 *   default	$_REQUEST
	 *
	 * @static
	 * @param	string	$name
	 * @param	string	$default    不存在时的默认值
	 * @param	string	$hash
	 * @param	string	$type		变量类型
	 * @param	int		$mask
	 * @return	mixed	Requested variable
	 */
	function getVar($name, $default = null, $hash = 'default', $type = 'none', $mask = 0)
	{
		// Ensure hash and type are uppercase
		$hash = strtoupper( $hash );
		if ($hash === 'METHOD') {
			$hash = strtoupper( $_SERVER['REQUEST_METHOD'] );
		}
		$type	= strtoupper( $type );
		$sig	= $hash.$type.$mask;
		// 变量类型
		switch ($hash)
		{
			case 'GET' :
				$input = &$_GET;
				break;
			case 'POST' :
				$input = &$_POST;
				break;
			case 'FILES' :
				$input = &$_FILES;
				break;
			case 'COOKIE' :
				$input = &$_COOKIE;
				break;
			case 'ENV'    :
				$input = &$_ENV;
				break;
			case 'SERVER'    :
				$input = &$_SERVER;
				break;
			default:
				$input = &$_REQUEST;
				$hash = 'REQUEST';
				break;
		}
		if (isset($GLOBALS['__REQUEST'][$name]['SET.'.$hash]) && ($GLOBALS['__REQUEST'][$name]['SET.'.$hash] === true)) {
			// Get the variable from the input hash
			$var = (isset($input[$name]) && $input[$name] !== null) ? $input[$name] : $default;
		}
		elseif (!isset($GLOBALS['__REQUEST'][$name][$sig]))
		{
			if (isset($input[$name]) && $input[$name] !== null) {
				// Get the variable from the input hash and clean it
				$var = C_request::_cleanVar($input[$name], $mask, $type);
				// Handle magic quotes compatability
				if (get_magic_quotes_gpc() && ($var != $default) && ($hash != 'FILES')) {
					$var = C_request::_stripSlashesRecursive( $var );
				}
				$GLOBALS['__REQUEST'][$name][$sig] = $var;
			}
			elseif ($default !== null) {
				// Clean the default value
				$var = C_request::_cleanVar($default, $mask, $type);
			}
			else {
				$var = $default;
			}
		} else {
			$var = $GLOBALS['__REQUEST'][$name][$sig];
		}
		return $var;
	}
	/**
	 * 获取整型变量值
	 *
	 *
	 * @static
	 * @param	string	$name
	 * @param	string	$default
	 * @param	string	$hash
	 * @return	integer	Requested
	 */
	function getInt($name, $default = 0, $hash = 'default')
	{
		return C_request::getVar($name, $default, $hash, 'int');
	}
	function getFloat($name, $default = 0.0, $hash = 'default')
	{
		return C_request::getVar($name, $default, $hash, 'float');
	}
	function getBool($name, $default = false, $hash = 'default')
	{
		return C_request::getVar($name, $default, $hash, 'bool');
	}
	/**
	 * 字符[A-Za-z_]
	 */
	function getWord($name, $default = '', $hash = 'default')
	{
		return C_request::getVar($name, $default, $hash, 'word');
	}
	/**
	 * 字符[A-Za-z0-9.-_]
	 */
	function getCmd($name, $default = '', $hash = 'default')
	{
		return C_request::getVar($name, $default, $hash, 'cmd');
	}
	function getString($name, $default = '', $hash = 'default', $mask = 0)
	{
		// Cast to string, in case C_REQUEST_ALLOWRAW was specified for mask
		return (string) C_request::getVar($name, $default, $hash, 'string', $mask);
	}
	function setVar($name, $value = null, $hash = 'method', $overwrite = true)
	{
		//不能覆盖已有的变量时
		if(!$overwrite && array_key_exists($name, $_REQUEST)) {
			return $_REQUEST[$name];
		}
		// Clean global request var
		$GLOBALS['__REQUEST'][$name] = array();
		// Get the request hash value
		$hash = strtoupper($hash);
		if ($hash === 'METHOD') {
			$hash = strtoupper($_SERVER['REQUEST_METHOD']);
		}
		$previous	= array_key_exists($name, $_REQUEST) ? $_REQUEST[$name] : null;
		switch ($hash)
		{
			case 'GET' :
				$_GET[$name] = $value;
				$_REQUEST[$name] = $value;
				break;
			case 'POST' :
				$_POST[$name] = $value;
				$_REQUEST[$name] = $value;
				break;
			case 'COOKIE' :
				$_COOKIE[$name] = $value;
				$_REQUEST[$name] = $value;
				break;
			case 'FILES' :
				$_FILES[$name] = $value;
				break;
			case 'ENV'    :
				$_ENV['name'] = $value;
				break;
			case 'SERVER'    :
				$_SERVER['name'] = $value;
				break;
		}
		// Mark this variable as 'SET'
		$GLOBALS['__REQUEST'][$name]['SET.'.$hash] = true;
		$GLOBALS['__REQUEST'][$name]['SET.REQUEST'] = true;
		return $previous;
	}
	/**
	 * 获取一个hash数组
	 */
	function get($hash = 'default', $mask = 0)
	{
		$hash = strtoupper($hash);
		if ($hash === 'METHOD') {
			$hash = strtoupper( $_SERVER['REQUEST_METHOD'] );
		}
		switch ($hash)
		{
			case 'GET' :
				$input = $_GET;
				break;
			case 'POST' :
				$input = $_POST;
				break;
			case 'FILES' :
				$input = $_FILES;
				break;
			case 'COOKIE' :
				$input = $_COOKIE;
				break;
			case 'ENV'    :
				$input = &$_ENV;
				break;
			case 'SERVER'    :
				$input = &$_SERVER;
				break;
			default:
				$input = $_REQUEST;
				break;
		}
		$result = C_request::_cleanVar($input, $mask);
		// Handle magic quotes compatability
		if (get_magic_quotes_gpc() && ($hash != 'FILES')) {
			$result = C_request::_stripSlashesRecursive( $result );
		}
		return $result;
	}

	function set( $array, $hash = 'default', $overwrite = true )
	{
		foreach ($array as $key => $value) {
			C_request::setVar($key, $value, $hash, $overwrite);
		}
	}

	/**
	 * 清空
	 *
	 * @static
	 * @return	void
	 */
	function clean()
	{
		C_request::_cleanArray( $_FILES );
		C_request::_cleanArray( $_ENV );
		C_request::_cleanArray( $_GET );
		C_request::_cleanArray( $_POST );
		C_request::_cleanArray( $_COOKIE );
		C_request::_cleanArray( $_SERVER );
		if (isset( $_SESSION )) {
			C_request::_cleanArray( $_SESSION );
		}
		$REQUEST	= $_REQUEST;
		$GET		= $_GET;
		$POST		= $_POST;
		$COOKIE		= $_COOKIE;
		$FILES		= $_FILES;
		$ENV		= $_ENV;
		$SERVER		= $_SERVER;
		if (isset ( $_SESSION )) {
			$SESSION = $_SESSION;
		}
		foreach ($GLOBALS as $key => $value)
		{
			if ( $key != 'GLOBALS' ) {
				unset ( $GLOBALS [ $key ] );
			}
		}
		$_REQUEST	= $REQUEST;
		$_GET		= $GET;
		$_POST		= $POST;
		$_COOKIE	= $COOKIE;
		$_FILES		= $FILES;
		$_ENV 		= $ENV;
		$_SERVER 	= $SERVER;
		if (isset ( $SESSION )) {
			$_SESSION = $SESSION;
		}
		// Make sure the request hash is clean on file inclusion
		$GLOBALS['__REQUEST'] = array();
	}
	/**
	 * 将处理后数组复制给全局变量
	 */
	function _cleanArray( &$array, $globalise=false )
	{
		static $banned = array( '_files', '_env', '_get', '_post', '_cookie', '_server', '_session', 'globals' );
		foreach ($array as $key => $value)
		{
			// PHP GLOBALS injection bug
			$failed = in_array( strtolower( $key ), $banned );
			// PHP Zend_Hash_Del_Key_Or_Index bug
			$failed |= is_numeric( $key );
			if ($failed) {
				//jexit( 'Illegal variable <b>' . implode( '</b> or <b>', $banned ) . '</b> passed to script.' );
			}
			if ($globalise) {
				$GLOBALS[$key] = $value;
			}
		}
	}
	/**
	 * 处理输入变量
	 *
	 * @param mixed The input variable.
	 * @param int Filter bit mask. 1=no trim: If this flag is cleared and the
	 * input is a string, the string will have leading and trailing whitespace
	 * trimmed. 2=allow_raw: If set, no more filtering is performed, higher bits
	 * are ignored. 4=allow_html: HTML is allowed, but passed through a safe
	 * HTML filter first. If set, no more filtering is performed. If no bits
	 * other than the 1 bit is set, a strict filter is applied.
	 * @param string The variable type {@see C_input::clean()}.
	 */
	function _cleanVar($var, $mask = 0, $type=null)
	{
		// 过滤设置
		static $noHtmlFilter	= null;
		static $safeHtmlFilter	= null;
		// If the no trim flag is not set, trim the variable
		if (!($mask & 1) && is_string($var)) {
			$var = trim($var);
		}
		// Now we handle input filtering
		if ($mask & 2)
		{
			// If the allow raw flag is set, do not modify the variable
			$var = $var;
		}
		elseif ($mask & 4)
		{
			// If the allow html flag is set, apply a safe html filter to the variable
			if (is_null($safeHtmlFilter)) {
				$safeHtmlFilter = & C_input::getInstance(null, null, 1, 1);
			}			
			$var = $safeHtmlFilter->clean($var, $type);
		}
		else
		{
			// Since no allow flags were set, we will apply the most strict filter to the variable
			if (is_null($noHtmlFilter)) {
				$noHtmlFilter = & C_input::getInstance(/* $tags, $attr, $tag_method, $attr_method, $xss_auto */);
			}
			$var = $noHtmlFilter->clean($var, $type);
		}
		return $var;
	}
	/**
	 * 递归进行转义
	 */
	function _stripSlashesRecursive( $value )
	{
		$value = is_array( $value ) ? array_map( array( 'C_request', '_stripSlashesRecursive' ), $value ) : stripslashes( $value );
		return $value;
	}
	function checkToken( $method = 'post' )
	{
		$SYS = &get_instance();
		$SYS->loader->helper('security');
		//$token = $SYS->request->getVar( getToken(), '', $method, 'alnum' );	
		$token=true;
		if(!$token)
		{
			$SYS->loader->helper('url');
			show_js_error(C_text::_('SESSION_EXPIRED'),WEBSELF.'/login');
			exit();
		}
	}
}
?>